Skip to content

[aws_vpcflow_otel] Content pack of EDOT Cloud Forwarder for AWS - VPC Flow Logs #15402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

[aws_vpcflow_otel] Content pack of EDOT Cloud Forwarder for AWS - VPC Flow Logs #15402

wants to merge 19 commits into from
+795 −0

Conversation

mykola-elastic
Copy link
Contributor

@mykola-elastic mykola-elastic commented Sep 19, 2025
edited
Loading

Content pack for EDOT Cloud Forwarder for AWS - VPC Flow Logs - Dashboard

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Screenshots

screenshot

@mykola-elastic mykola-elastic self-assigned this Sep 19, 2025
@mykola-elastic mykola-elastic added enhancement New feature or request New Integration Issue or pull request for creating a new integration package. Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels Sep 19, 2025
@andrewkroh andrewkroh added dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. labels Sep 19, 2025
@mykola-elastic mykola-elastic changed the title Content pack of EDOT Cloud Forwarder for AWS - VPC Flow Logs [aws_vpcflow_otel] Content pack of EDOT Cloud Forwarder for AWS - VPC Flow Logs Sep 22, 2025
@mykola-elastic mykola-elastic marked this pull request as ready for review September 22, 2025 11:09
@mykola-elastic mykola-elastic requested a review from a team as a code owner September 22, 2025 11:09
@mykola-elastic
Copy link
Contributor Author

mykola-elastic commented Sep 22, 2025
edited
Loading

For Comparison

The dashboard from AWS package (AWS VPC Flow Logs), added the dashboard and changed some fields to match EDOT Cloud Forwarder for AWS field names

Screenshot 2025-09-22 at 14 36 06 Screenshot 2025-09-22 at 14 36 14

The Dashboard from this PR (using ES|QL)

I removed the map, I don't think I can draw anything on it using the data we have (I may be wrong)

Screenshot 2025-09-22 at 14 38 00

ishleenk17
ishleenk17 reviewed Sep 22, 2025
View reviewed changes
@ishleenk17
Copy link
Member

I removed the map, I don't think I can draw anything on it using the data we have (I may be wrong)

You are right. Till we have geo location fields populated. We can't use the map

@ishleenk17
Copy link
Member

NOTE: Once this PR is included in the ECOT Collector, we should change the dashboard filter to
scope.attributes.awslogs_encoding.format: vpc_flow_log

@ishleenk17
Copy link
Member

@mykola-elastic : In the dashboard we show details of only the reject logs and not Accept Logs. Any idea why ?

@ishleenk17
Copy link
Member

@ShourieG : Could you please review this PR from Security POV ?

ishleenk17
ishleenk17 reviewed Sep 23, 2025
View reviewed changes
@elasticmachine
Copy link

💚 Build Succeeded

History

cc @mykola-elastic

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
95.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@mykola-elastic
Copy link
Contributor Author

mykola-elastic commented Sep 23, 2025
edited
Loading

In the dashboard we show details of only the reject logs and not Accept Logs. Any idea why ?

@ishleenk17
I suppose it is to highlight either misconfiguration of blocking rules or when somebody tries to scan/attack but gets blocked.
That's more useful for spotting/troubleshooting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelKatsoulis MichaelKatsoulis Awaiting requested review from MichaelKatsoulis

@gpop63 gpop63 Awaiting requested review from gpop63

@tommyers-elastic tommyers-elastic Awaiting requested review from tommyers-elastic

@ShourieG ShourieG Awaiting requested review from ShourieG

@ishleenk17 ishleenk17 Awaiting requested review from ishleenk17

At least 1 approving review is required to merge this pull request.

Assignees

@mykola-elastic mykola-elastic

Labels
dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request New Integration Issue or pull request for creating a new integration package. Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mykola-elastic @ishleenk17 @elasticmachine @andrewkroh